You can choose a password length of not more than 50 characters. Do not forget to switch keyboard layout to the English. Do not choose a password too simple, less then 4 characters, because such a password is easy to find out. Allowed latin and [email protected]#$%^&*()_-+=., characters

Honestly I warn: take this text with a certain amount of skepticism. I just recently started to get acquainted with the internals of PHP, but I would like to tell you about what is happening behind the scenes bug # 75237 .

As a continuation of the research publications of our company on the internal mechanisms of the world's largest messengers. Today we will look at WhatsApp in its current state. In fact, the insides have not changed much over the past three years, the changes there are rather cosmetic.

In this article we will look in detail how to study the protocol of the messenger, answer the question "Can WhatsApp read our correspondence?" And I will attach all the necessary code in PHP.

Recently, the Avito PHP projects have moved to the version of PHP 7.1. On this occasion, we decided to recall how the transition to PHP 7.0 took place for us and our colleagues from OLX. It's a long time ago, but there are beautiful graphics that you want to show the world.
The first part of the story is based on the article PHP's not dead! PHP7 in practice , written by our colleague from OLX Łukasz Szymański (Lukasz Szymanski): the transition of OLX to PHP 7. In the second part - the Avito transition experience in PHP 7.0 and PHP 7.1: the process, the difficulties, the results with the graphs.

These are the principles of software development, taken from the Robert Martin Clean Code book and adapted for PHP. This manual is not a programming style, but to create a readable, reusable and refactoring-friendly PHP code.
Not each of these principles should be strictly observed, and with even fewer will all agree. These are just recommendations, not more, but they are all codified in the author's many years of collective experience.
The article is inspired by clean-code-javascript .

I want to share one feature when setting COOKIE values, which is often overlooked by the web developers.
According to my experience as for research of the web application vulnerabilities for 2009-2011, this error occurred in 87% of the web applications that were written in PHP.
In order to reduce this rate, I have decided to write this article.

I will not even talk about httpOnly flag, though its use is very important and necessary.

Hello, UMumble! Once, I was faced with a choice in the process of developing an authentication system for my project. Namely, what is the best way to store user passwords in the database? Many options came into my head. The most obvious were:

1. Storing the passwords as a plain text in a database.
2. Using regular hashes, such as crc32, md5, and sha1.
3. Using crypt() function.
4. Using the statical salt as type of structure md5(md5($ pass)).
5. Using the unique salt for each user.

The first and second options I had to eliminate for several reasons right away.

It was nice to find the website of this framework quite randomly in the second half of the business hours. New frameworks are rare, and even more rarely you come across mechanisms that are liked at first sight. Therefore, I would like to share my discovery with you.

First, I liked its name Nette right away. It's almost like a Latte. Only Nette as it turned out later is the Latte that has its own built-in template engine. Oh.

Second, at first view it created an impression of something new and advanced (they are almost as thoughts of the PHP team, pluging in the genius language the traits, and forgetting the boring Unicode):

HTML5

PHP 5.3

Built-in HTML template macros

Context-Aware Escaping technology

Configurations in the curious NEON format, on basis of which is generated PHP code

Own implementation of the base class for objects Nette \ Object

Events and subscription

Callbacks

New streaming protocol safe :/ / for an atomic access to the file system

Before I begin, I know what are phpDaemon and System_Daemon. I read some articles about this subject.

So, let's assume that you've already decided that you need the daemon. What should daemon be able to do?

• It should run from the console and unbind from it.
• It should write all information to the logs, nothing output to the console.
• It should be able to create the child processes and monitor them.
• It should perform an assigned task.
• It should correctly complete a job.

In the Web you can find a lot of solutions to emulate multithreading in php. Most often they are based on the forks, but there are variations about using curl, proc_open and etc.

I did not like the alternatives that I found, so I had to write my own solution.
Here is the following set of requirements:

• Use of the forks
• In-sync state with the interface in the absence of the necessary extensions
• Multiple use of child processes
• A full data exchange between processes. That is, running with the arguments and getting results at the end
• The event exchange between the child process-"thread" and the basic process at work
• Handling the thread pool with the multiple use, transferring arguments and getting results
• Error handling
• Timeouts for the work performance, waiting for work thread, initialization
• Maximum performance

After I have read some article about the handling of critical errors in PHP, I noticed that the error codes were customized specially for the bitwise operations in PHP, however, in the article’s examples and the comments are used regular operators for comparison in order to check the error codes.